Abstract: Service delivery architecture for delivering communications services within a hospital, comprising healthcare and non-healthcare data processing resources, a router and an access infrastructure leading from the router to a plurality of delivery points. The data routing entity controls access by the users at the plurality of delivery points to the healthcare and non-healthcare data processing resources. Healthcare and non-healthcare communications services are delivered over the same access infrastructure. For added security, the host comprises a plurality of authentication entities for authenticating users belonging to respective user classes. An access controller receives an authentication request message comprising user credentials and a user class regarding a user at an end user device. The access controller determines, based on the user class, a destination authentication entity and, releases the credentials towards the destination authentication entity.

Abstract: A system comprising a switching entity disposed between healthcare data processing resources and non-healthcare data processing resources. The switching entity is capable of operation in a first state in which an end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session. If the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a memory purge at the end user device. Attacks on the healthcare data processing resources, both from the non-healthcare resources directly and via the end user device, are thus prevented.